--> TrustSec provides centralized security policy in the network.
--> Identities are tied to security group tags (SGTs) instead of VLANs/IP addresses in TrustSec.
--> A security group tag is a unique 16-bit tag assigned to a device/user/group.
--> The security group tag is assigned at the ingress of the TrustSec domain.
--> Access control policies are based on the security group tags of both source and destination.
--> TrustSec allows faster security policy modifications because policy is based on security group tags rather than IP addresses.
--> TrustSec allows a uniform/consistent security policy to be applied to the user regardless of connection type (LAN/WAN/VPN).
--> TrustSec policy stays with the user/server regardless of location or topology.
--> TrustSec provides simpler and accelerated security operations.
--> TrustSec policies are applied to switches and firewalls.
--> An IP address is still required to forward traffic between source and destination.
--> IPS/web filtering/application control and other security features are still required, as TrustSec is used to identify the traffic and enforce the policy.
--> TrustSec uses 3 functions to implement/enforce centralized security policy in the network:
1) Classification: Assigning tags to the user/device/group based on some criteria.
2) Propagation: Forwarding the tag information across the TrustSec domain from one network device to another.
3) Enforcement: Implementing the policy based on security group tags at the destination.
Ref: Cisco.com
Md.Kareemoddin
CCIE # 54759
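The three functions above, sketched as a small Python model. This is an added example, not Cisco code or part of the original notes; the group names, tag values, IP addresses and the default-deny action are constructed assumptions. It shows that the decision depends only on the (source SGT, destination SGT) pair, so the same user gets the same result from a LAN or a VPN address.

```python
"""Toy model of SGT-based policy: classify, propagate, enforce."""
from dataclasses import dataclass

# Constructed sample data: group names, tag values and addresses are hypothetical.
GROUP_TO_SGT = {"employee": 10, "contractor": 20, "hr-server": 100}
POLICY = {(10, 100): "permit", (20, 100): "deny"}  # (source SGT, destination SGT)
DEFAULT_ACTION = "deny"  # assumption for this model; deployments choose their own default


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_sgt: int  # carried with the packet through the domain (propagation)


def classify(group: str) -> int:
    """Classification: map a user/device group to its SGT."""
    sgt = GROUP_TO_SGT[group]
    if not 0 <= sgt <= 0xFFFF:  # an SGT is a 16-bit value
        raise ValueError(f"SGT {sgt} does not fit in 16 bits")
    return sgt


def ingress(group: str, src_ip: str, dst_ip: str) -> Packet:
    """Tag traffic once, where it enters the domain."""
    return Packet(src_ip, dst_ip, classify(group))


def enforce(pkt: Packet, dst_bindings: dict) -> str:
    """Enforcement: resolve the destination SGT, then look up the
    (source SGT, destination SGT) pair. The source IP plays no part
    in the decision; the destination IP is used only to find its tag."""
    dst_sgt = dst_bindings[pkt.dst_ip]
    return POLICY.get((pkt.src_sgt, dst_sgt), DEFAULT_ACTION)


# Destination IP-to-SGT bindings known to the enforcing device (constructed).
BINDINGS = {"10.50.0.5": classify("hr-server")}


def decisions() -> dict:
    """Same employee over LAN and VPN, plus a contractor, to the HR server."""
    return {
        "employee-lan": enforce(ingress("employee", "10.1.1.20", "10.50.0.5"), BINDINGS),
        "employee-vpn": enforce(ingress("employee", "172.16.9.7", "10.50.0.5"), BINDINGS),
        "contractor-lan": enforce(ingress("contractor", "10.1.1.21", "10.50.0.5"), BINDINGS),
    }
```

Changing one cell of `POLICY` changes the outcome for every member of that group at once, with no per-IP rules to touch.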